CWE-703
DiscouragedImproper Check or Handling of Exceptional Conditions
Abstraction: Pillar · Status: Incomplete
The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
210 vulnerabilities reference this CWE, most recent first.
GHSA-VJFX-X9XG-H5H6
Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2023-06-26 21:30Improper handling of exceptional conditions in Bixby prior to version 3.0.53.02 allows attacker to execute the actions registered by the user.
{
"affected": [],
"aliases": [
"CVE-2021-25380"
],
"database_specific": {
"cwe_ids": [
"CWE-703",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-09T18:15:00Z",
"severity": "HIGH"
},
"details": "Improper handling of exceptional conditions in Bixby prior to version 3.0.53.02 allows attacker to execute the actions registered by the user.",
"id": "GHSA-vjfx-x9xg-h5h6",
"modified": "2023-06-26T21:30:51Z",
"published": "2022-05-24T17:47:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25380"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-VMGJ-7WPP-X799
Vulnerability from github – Published: 2024-04-04 21:30 – Updated: 2024-04-04 21:30A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory.
{
"affected": [],
"aliases": [
"CVE-2024-22053"
],
"database_specific": {
"cwe_ids": [
"CWE-703",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-04T20:15:08Z",
"severity": "HIGH"
},
"details": "A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x\n 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory. ",
"id": "GHSA-vmgj-7wpp-x799",
"modified": "2024-04-04T21:30:31Z",
"published": "2024-04-04T21:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22053"
},
{
"type": "WEB",
"url": "https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W254-4HP5-7CVV
Vulnerability from github – Published: 2026-03-30 19:22 – Updated: 2026-03-30 19:22Summary
A Denial of Service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all connected hosts, MDM enrollments, and API consumers.
Impact
An attacker with access to a valid Launcher node key can send a specially crafted gRPC request to the Fleet server that triggers an unrecoverable server crash. The gRPC server lacks appropriate error recovery handling, meaning the entire Fleet process terminates rather than gracefully rejecting the malformed input.
Because the crash is instant and repeatable, an attacker could script repeated requests to prevent the server from recovering, resulting in a persistent denial of service until a patched version is deployed.
Workarounds
There is no workaround for this issue other than upgrading to a patched version.
For more information
If there are any questions or comments about this advisory:
Send an email to security@fleetdm.com
Join #fleet in osquery Slack
Credits
Fleet thanks @fuzzztf for responsibly reporting this issue.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/fleetdm/fleet/v4"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.81.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-34388"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-30T19:22:39Z",
"nvd_published_at": "2026-03-27T20:16:35Z",
"severity": "MODERATE"
},
"details": "### Summary\n\nA Denial of Service vulnerability in Fleet\u0027s gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all connected hosts, MDM enrollments, and API consumers.\n\n### Impact\n\nAn attacker with access to a valid Launcher node key can send a specially crafted gRPC request to the Fleet server that triggers an unrecoverable server crash. The gRPC server lacks appropriate error recovery handling, meaning the entire Fleet process terminates rather than gracefully rejecting the malformed input.\n\nBecause the crash is instant and repeatable, an attacker could script repeated requests to prevent the server from recovering, resulting in a persistent denial of service until a patched version is deployed.\n\n### Workarounds\n\nThere is no workaround for this issue other than upgrading to a patched version.\n\n### For more information\n\nIf there are any questions or comments about this advisory:\n\nSend an email to [security@fleetdm.com](mailto:security@fleetdm.com)\n\nJoin #fleet in [osquery Slack](https://join.slack.com/t/osquery/shared_invite/zt-h29zm0gk-s2DBtGUTW4CFel0f0IjTEw)\n\n### Credits\n\nFleet thanks @fuzzztf for responsibly reporting this issue.",
"id": "GHSA-w254-4hp5-7cvv",
"modified": "2026-03-30T19:22:39Z",
"published": "2026-03-30T19:22:39Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/fleetdm/fleet/security/advisories/GHSA-w254-4hp5-7cvv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34388"
},
{
"type": "PACKAGE",
"url": "https://github.com/fleetdm/fleet"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "Fleet vulnerable to Denial of Service via unhandled gRPC log type in launcher endpoint"
}
GHSA-W8GR-QR68-9PM5
Vulnerability from github – Published: 2023-04-22 03:30 – Updated: 2024-04-04 03:38NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial of service.
{
"affected": [],
"aliases": [
"CVE-2023-0204"
],
"database_specific": {
"cwe_ids": [
"CWE-703",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-22T03:15:09Z",
"severity": "HIGH"
},
"details": "NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial of service.",
"id": "GHSA-w8gr-qr68-9pm5",
"modified": "2024-04-04T03:38:31Z",
"published": "2023-04-22T03:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0204"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5459"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WXR3-2HGV-QM8F
Vulnerability from github – Published: 2024-07-10 06:33 – Updated: 2024-07-10 21:29All versions of the package node-twain are vulnerable to Improper Check or Handling of Exceptional Conditions due to the length of the source data not being checked. Creating a new twain.TwainSDK with a productName or productFamily, manufacturer, version.info property of length >= 34 chars leads to a buffer overflow vulnerability.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "node-twain"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.0.16"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-21525"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": true,
"github_reviewed_at": "2024-07-10T21:29:30Z",
"nvd_published_at": "2024-07-10T05:15:11Z",
"severity": "HIGH"
},
"details": "All versions of the package node-twain are vulnerable to Improper Check or Handling of Exceptional Conditions due to the length of the source data not being checked. Creating a new twain.TwainSDK with a productName or productFamily, manufacturer, version.info property of length \u003e= 34 chars leads to a buffer overflow vulnerability.",
"id": "GHSA-wxr3-2hgv-qm8f",
"modified": "2024-07-10T21:29:30Z",
"published": "2024-07-10T06:33:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21525"
},
{
"type": "WEB",
"url": "https://gist.github.com/dellalibera/55b87634a6c360e5be22a715f0566c99"
},
{
"type": "PACKAGE",
"url": "https://github.com/Luomusha/node-twain"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JS-NODETWAIN-6421153"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "node-twain vulnerable to Improper Check or Handling of Exceptional Conditions"
}
GHSA-X2JX-W3WM-9P3P
Vulnerability from github – Published: 2022-12-05 06:30 – Updated: 2022-12-05 23:29Nako3edit is the editor component of Nadeshiko 3, a programming language developed based on Japanese. Improper check or handling of exceptional conditions in Nako3edit v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "nadesiko3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.75"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-41777"
],
"database_specific": {
"cwe_ids": [
"CWE-703",
"CWE-755"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-05T23:29:35Z",
"nvd_published_at": "2022-12-05T04:15:00Z",
"severity": "MODERATE"
},
"details": "Nako3edit is the editor component of Nadeshiko 3, a programming language developed based on Japanese. Improper check or handling of exceptional conditions in Nako3edit v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash.",
"id": "GHSA-x2jx-w3wm-9p3p",
"modified": "2022-12-05T23:29:35Z",
"published": "2022-12-05T06:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41777"
},
{
"type": "WEB",
"url": "https://github.com/kujirahand/nadesiko3/issues/1325"
},
{
"type": "WEB",
"url": "https://github.com/kujirahand/nadesiko3/issues/1347"
},
{
"type": "PACKAGE",
"url": "https://github.com/kujirahand/nadesiko3"
},
{
"type": "WEB",
"url": "https://github.com/kujirahand/nadesiko3/releases/tag/3.3.75"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN56968681/index.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit"
}
GHSA-X64V-PQ34-G3CQ
Vulnerability from github – Published: 2024-07-21 09:30 – Updated: 2024-08-30 21:31Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service
{
"affected": [],
"aliases": [
"CVE-2024-38435"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-21T08:15:05Z",
"severity": "MODERATE"
},
"details": "Unitronics Vision PLC \u2013\u00a0CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service",
"id": "GHSA-x64v-pq34-g3cq",
"modified": "2024-08-30T21:31:40Z",
"published": "2024-07-21T09:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38435"
},
{
"type": "WEB",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X6CR-MQ53-CC76
Vulnerability from github – Published: 2026-02-10 14:33 – Updated: 2026-02-10 19:56Summary
The cookies property in emmett_core.http.wrappers.Request does not handle
CookieError exceptions when parsing malformed Cookie headers. This allows
unauthenticated attackers to trigger HTTP 500 errors and cause denial of service.
Details
Location: emmett_core/http/wrappers/__init__.py (line 64)
Vulnerable Code:
@cachedprop
def cookies(self) -> SimpleCookie:
cookies: SimpleCookie = SimpleCookie()
for cookie in self.headers.get("cookie", "").split(";"):
cookies.load(cookie) # No exception handling
return cookies
PoC
Sending cookies containing special characters such as /(){} will result in insufficient error handling and a server error.
$ curl -w "\nTime: %{time_total}s\n" http://localhost:8000/ -H "Cookie:/security=test"
Internal error
Time: 0.024363s
After the same error occurs several times, the server cannot process it normally.
$ curl -w "\nTime: %{time_total}s\n" http://localhost:8000/ -H "Cookie:(security=test"
Internal error
Time: 60.069334s
$ curl -w "\nTime: %{time_total}s\n" http://localhost:8000/ -H "Cookie:security=test"
Internal error
Time: 60.074031s
This is server log.
[2026-02-03 08:23:40,541] ERROR in handlers: Application exception:
Traceback (most recent call last):
File "/home/geonwoo/.local/lib/python3.13/site-packages/emmett/rsgi/handlers.py", line 70, in dynamic_handler
http = await self.router.dispatch(request, response)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/geonwoo/.local/lib/python3.13/site-packages/emmett_core/routing/router.py", line 240, in dispatch
return await match.dispatch(reqargs, response)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/geonwoo/.local/lib/python3.13/site-packages/emmett_core/routing/dispatchers.py", line 57, in dispatch
await self._parallel_flow(self.flow_open)
File "/home/geonwoo/.local/lib/python3.13/site-packages/emmett_core/routing/dispatchers.py", line 17, in _parallel_flow
raise task.exception()
File "/home/geonwoo/.local/lib/python3.13/site-packages/emmett_core/sessions.py", line 102, in open_request
if self.cookie_name in self.current.request.cookies:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/geonwoo/.local/lib/python3.13/site-packages/emmett_core/utils.py", line 37, in __get__
obj.__dict__[self.__name__] = rv = self.fget(obj)
~~~~~~~~~^^^^^
File "/home/geonwoo/.local/lib/python3.13/site-packages/emmett_core/http/wrappers/__init__.py", line 64, in cookies
cookies.load(cookie)
~~~~~~~~~~~~^^^^^^^^
File "/usr/lib/python3.13/http/cookies.py", line 516, in load
self.__parse_string(rawdata)
~~~~~~~~~~~~~~~~~~~^^^^^^^^^
File "/usr/lib/python3.13/http/cookies.py", line 580, in __parse_string
self.__set(key, rval, cval)
~~~~~~~~~~^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.13/http/cookies.py", line 472, in __set
M.set(key, real_value, coded_value)
~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.13/http/cookies.py", line 335, in set
raise CookieError('Illegal key %r' % (key,))
http.cookies.CookieError: Illegal key '/security'
Impact
This vulnerability allows unauthenticated attackers to cause denial of service and performance degradation by sending malformed Cookie headers. After this vulnerability occurs, we expect it to be difficult to use the normal service.
patch
/emmett_core/http/wrappers/__init__.py
- from http.cookies import SimpleCookie
+ from http.cookies import SimpleCookie, CookieError # add CookieError
...
...
@cachedprop
def cookies(self) -> SimpleCookie:
cookies: SimpleCookie = SimpleCookie()
for cookie in self.headers.get("cookie", "").split(";"):
- cookies.load(cookie)
+ try:
+ cookies.load(cookie)
+ except CookieError:
+ continue
return cookies
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.3.10"
},
"package": {
"ecosystem": "PyPI",
"name": "emmett-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25577"
],
"database_specific": {
"cwe_ids": [
"CWE-248",
"CWE-703"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-10T14:33:15Z",
"nvd_published_at": "2026-02-10T18:16:37Z",
"severity": "HIGH"
},
"details": "### Summary\nThe `cookies` property in `emmett_core.http.wrappers.Request` does not handle \n`CookieError` exceptions when parsing malformed Cookie headers. This allows \nunauthenticated attackers to trigger HTTP 500 errors and cause denial of service.\n\n\n### Details\n\n**Location:** `emmett_core/http/wrappers/__init__.py` (line 64)\n\n**Vulnerable Code:**\n```python\n@cachedprop\ndef cookies(self) -\u003e SimpleCookie:\n cookies: SimpleCookie = SimpleCookie()\n for cookie in self.headers.get(\"cookie\", \"\").split(\";\"):\n cookies.load(cookie) # No exception handling\n return cookies\n```\n\n### PoC\nSending cookies containing special characters such as /(){} will result in insufficient error handling and a server error.\n```bash\n$ curl -w \"\\nTime: %{time_total}s\\n\" http://localhost:8000/ -H \"Cookie:/security=test\"\nInternal error\nTime: 0.024363s\n```\nAfter the same error occurs several times, the server cannot process it normally.\n```bash\n$ curl -w \"\\nTime: %{time_total}s\\n\" http://localhost:8000/ -H \"Cookie:(security=test\"\nInternal error\nTime: 60.069334s\n\n$ curl -w \"\\nTime: %{time_total}s\\n\" http://localhost:8000/ -H \"Cookie:security=test\"\nInternal error\nTime: 60.074031s\n```\n\nThis is server log.\n```bash\n[2026-02-03 08:23:40,541] ERROR in handlers: Application exception:\nTraceback (most recent call last):\n File \"/home/geonwoo/.local/lib/python3.13/site-packages/emmett/rsgi/handlers.py\", line 70, in dynamic_handler\n http = await self.router.dispatch(request, response)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/home/geonwoo/.local/lib/python3.13/site-packages/emmett_core/routing/router.py\", line 240, in dispatch\n return await match.dispatch(reqargs, response)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/home/geonwoo/.local/lib/python3.13/site-packages/emmett_core/routing/dispatchers.py\", line 57, in dispatch\n await self._parallel_flow(self.flow_open)\n File \"/home/geonwoo/.local/lib/python3.13/site-packages/emmett_core/routing/dispatchers.py\", line 17, in _parallel_flow\n raise task.exception()\n File \"/home/geonwoo/.local/lib/python3.13/site-packages/emmett_core/sessions.py\", line 102, in open_request\n if self.cookie_name in self.current.request.cookies:\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/home/geonwoo/.local/lib/python3.13/site-packages/emmett_core/utils.py\", line 37, in __get__\n obj.__dict__[self.__name__] = rv = self.fget(obj)\n ~~~~~~~~~^^^^^\n File \"/home/geonwoo/.local/lib/python3.13/site-packages/emmett_core/http/wrappers/__init__.py\", line 64, in cookies\n cookies.load(cookie)\n ~~~~~~~~~~~~^^^^^^^^\n File \"/usr/lib/python3.13/http/cookies.py\", line 516, in load\n self.__parse_string(rawdata)\n ~~~~~~~~~~~~~~~~~~~^^^^^^^^^\n File \"/usr/lib/python3.13/http/cookies.py\", line 580, in __parse_string\n self.__set(key, rval, cval)\n ~~~~~~~~~~^^^^^^^^^^^^^^^^^\n File \"/usr/lib/python3.13/http/cookies.py\", line 472, in __set\n M.set(key, real_value, coded_value)\n ~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/lib/python3.13/http/cookies.py\", line 335, in set\n raise CookieError(\u0027Illegal key %r\u0027 % (key,))\nhttp.cookies.CookieError: Illegal key \u0027/security\u0027\n```\n\n### Impact\nThis vulnerability allows unauthenticated attackers to cause denial of service \nand performance degradation by sending malformed Cookie headers. \nAfter this vulnerability occurs, we expect it to be difficult to use the normal service.\n\n\n\n### patch \n`/emmett_core/http/wrappers/__init__.py`\n```python\n- from http.cookies import SimpleCookie \n+ from http.cookies import SimpleCookie, CookieError # add CookieError\n...\n...\n @cachedprop\n def cookies(self) -\u003e SimpleCookie:\n cookies: SimpleCookie = SimpleCookie()\n for cookie in self.headers.get(\"cookie\", \"\").split(\";\"):\n- cookies.load(cookie)\n+ try:\n+ cookies.load(cookie)\n+ except CookieError:\n+ continue\n return cookies\n```",
"id": "GHSA-x6cr-mq53-cc76",
"modified": "2026-02-10T19:56:59Z",
"published": "2026-02-10T14:33:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/emmett-framework/core/security/advisories/GHSA-x6cr-mq53-cc76"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25577"
},
{
"type": "WEB",
"url": "https://github.com/emmett-framework/core/commit/9557ea23a27cbadf7774d8bca6bbe4b54fa8a3ec"
},
{
"type": "WEB",
"url": "https://github.com/emmett-framework/core/commit/c126757133e118119a280b58f3bb345b1c9a8a2a"
},
{
"type": "PACKAGE",
"url": "https://github.com/emmett-framework/core"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Emmett-Core: Unhandled CookieError Exception Causing Denial of Service"
}
GHSA-XR72-MPJ5-G8P2
Vulnerability from github – Published: 2025-09-05 18:31 – Updated: 2025-09-05 21:32In multiple functions of DexUseManagerLocal.java, there is a possible way to crash system server due to a logic error in the code. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2025-26456"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-04T18:15:45Z",
"severity": "MODERATE"
},
"details": "In multiple functions of DexUseManagerLocal.java, there is a possible way to crash system server due to a logic error in the code. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-xr72-mpj5-g8p2",
"modified": "2025-09-05T21:32:36Z",
"published": "2025-09-05T18:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26456"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/art/+/06a99377e368b688dbeb4e6bb11b6e1dfca8bb70"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/art/+/1aedae6e1049aa794b3554183bf07634c8fa291b"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/art/+/3c76194d116bad95e11bda345feaedda6c02c8b4"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2025-06-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XX9Q-649R-GP4M
Vulnerability from github – Published: 2025-08-27 00:31 – Updated: 2025-08-27 15:33In multiple functions of hyp-main.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2025-22413"
],
"database_specific": {
"cwe_ids": [
"CWE-703"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-26T23:15:34Z",
"severity": "MODERATE"
},
"details": "In multiple functions of hyp-main.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-xx9q-649r-gp4m",
"modified": "2025-08-27T15:33:15Z",
"published": "2025-08-27T00:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22413"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/kernel/common/+/1a3366f0d3d9b94a8c025d9863edc3b427435c4c"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/kernel/common/+/add3d68602a0c48ed2d5659f0cf26d869776ab35"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2025-03-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.